[Let’s Build K8s] Hosting K8s on Your Local Machines (1)
Overview
Hi there!! In this series of articles (Let’s Build K8s), I will set up a k8s cluster on several physical machines with everyone! Instead of using online k8s services like GKE, we are going to build our k8s cluster and manage it by ourselves :)
Why I choose to set up k8s manually :
- A better understanding of k8s networking concept
- Make use of idle computers in our lab
- Scale the number of nodes based on our needs
- We don’t need to pay every month, it’s cheap :)
Prerequisite
I would like to have one master node (control plane) and three worker nodes, but this is optional. In other words, you can have only one worker node.
For each node machine, it needs to meet the following requirements:
- Running a deb/rpm-compatible Linux OS (I will use ubuntu for example)
- 2 GiB or more of RAM
- At least 2 CPUs on the machine that you use as a control-plane node
- With full network connectivity, you can use either a public or a private network.
After collecting your own machines, let’s check some machine conditions!
First, check the MAC addresses on each machine to make sure that they are unique. Simply speaking, MAC address is a unique code for networking hardware devices. If these values are not unique to each node, the installation process may fail.
Then, check the required ports. You can use tools like netcat to check if a port is open. For example:
nc 127.0.0.1 6443After finishing the above checkings, let's start installing some essential tools!
Notice:
The installation steps below need to be completed on every machine
CRI (Container Runtime Interface) Concept
Briefly speaking, CRI is responsible for telling kubelet how to manage and run containers inside the pod.
The communication between CRI and kubelet is based on gRPC, which is a high-performance remote procedure call framework transferring data with native protobuf.
The gRPC service includes the following two main parts:
- RuntimeService: Define some public APIs to manage containers during sandbox running time.
- ImageService: Define the method to pull, update and delete images from the image registry.
For some more detailed concepts, please check out the official document.
Installing CRI
There are several options for CRI nowadays:
- cri-o (Recommended by k8s official, we will use this one !)
- cri-containerd
- rkt
- frakti
- docker
You can choose any of them if you have installed it before, but we will try cri-o here :)
First, install the following command-line tool for later command execution:
- curl : commonly responsible for sending download request
- gnupg : responsible for secret file transfer
After that, get the operating system version by following command:
cat /etc/os-releaseThen, we need to export some environment variable, describing the operating system information and the cri-o version we want.
Take a look at the sheet below to find the suitable code for your OS version.
Export the $OS and $version with following command:
# Change the following based on your OS version
export OS="xUbuntu_20.04" # 1.21 is a stable version
export VERSION=1.21
By the way, please install version 1.21 cri-o, since I have tried the latest version (1.23), it seems to have some errors that haven’t been solved…
After you have set up the required environment variables, let’s start install some package for cri-o through apt (ubuntu installation tool):
echo 'deb http://deb.debian.org/debian buster-backports main' > /etc/apt/sources.list.d/backports.listapt updateapt install -y -t buster-backports libseccomp2 || apt update -y -t buster-backports libseccomp2
Notice that there will be errors like NO PUBKEY XXX.
To solve this, use the following command to add multiple public keys into apt system:
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys <first PUBKEY>sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys <second PUBKEY># ...(some more PUBKEY just use the same command)
Then, we need to save our installation specification into apt source file:
echo "deb [signed-by=/usr/share/keyrings/libcontainers-archive-keyring.gpg] https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/$OS/ /" > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list echo "deb [signed-by=/usr/share/keyrings/libcontainers-crio-archive-keyring.gpg] https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/$VERSION/$OS/ /" > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable:cri-o:$VERSION.list
After that, we can set up gnupg for secret file transferring:
# create directory including all the parent directory
mkdir -p /usr/share/keyrings curl -L https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/$OS/Release.key | gpg --dearmor -o /usr/share/keyrings/libcontainers-archive-keyring.gpg curl -L https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/$VERSION/$OS/Release.key | gpg --dearmor -o /usr/share/keyrings/libcontainers-crio-archive-keyring.gpg
Refresh apt !!! This step is REALLY important, or all the step above will be useless ; (
apt-get updateFinally, we can start installing cri-o on our machine :)
apt-get install cri-o cri-o-runcCongratulation 🎊🎊 !! We have finished installing the most important tool for k8s cluster in this article :)
Thank you for your time reading. Any suggestions are welcomed and feel free to point me out if anything is unclear.
See u guys next time ! Have a nice working day ~😃
